which way should I lean towards

So I'm new to security but I work on the desktop side of things, now the current job that I am in , I don't get a chance to touch security should I start off with security + cert and then move to CISSP?

So I'm new to security but I work on the desktop side of things, now the current job that I am in , I don't get a chance to touch security should I start off with security + cert and then move to CISSP?

I would start with Sec+ then get your CISSP or OSCP or eJPT. There are many routes to go, and different certs to get....

In the darkest hour, there is always a way out - Eve ME3 :cool:
“The measure of an individual can be difficult to discern by actions alone.” – Thane Krios

First, you should get some IT experience while working on your requirements to sit for the CISSP or take the SSCP and do it right. We have many, many people who have cheated the rules only to be found to be "lacking" knowledge later. It ain't pretty but I for one am more than happy to assist in finding more appropriate employment in another field.

Please read the requirements to sitting for the CISSP. Decide what area you would most likely wish to pursue: be that red team, blue team, audit, BCP/DRM or GRC. No one does everything anymore so there is no "Security guy" who does everything or they just aren't that good at anything. You will start to specialize rather quickly.

When you decide what it is of the 31 tasks of security (seriously), ask yourself why you want to pursue this field? Hint if its because its the latest "hot field" your going to burn out fairly quickly as to be good requires constant work and training on a daily basis. I know and have meet many who don't and should no longer be at the security desk due to burnout. Sorry, that's a fact. Please go back to administration and support rather than tying up other resources showing you how to trace an IP to the source for the fifth time this week. That family of virii that happened last week has been replaced but there is no current signature to disable it. We have to the research, capture the file, submit and contain all on our own and in the next hour or two or the company is going to loose big money.

This is what security looks like on a daily basis - when your good at it.

I agree with beads. I have over 15 years experience in IT. My interest in IT began when a friend showed me how to build a firewall using Linux (Red Hat 5 - if memory serves correct). Most of my career I worked as a Sys Admin with a strong interest in security throughout. Over the last few years I've transitioned into security focused roles. One things I've noticed is that some business don't understand that security is a broad field with a number of specialities. They tend to think that you are an expert in all of them which has led me to learn new things (GRC) and try to educate them to think otherwise. Right now I am a security team of one, but fortunately I have a supportive director who understands the reality. I've worked very hard to get to this point and love what I do. There are no shortcuts or substitutes for passion.